Forum Discussion

MichaelL1930's avatar
MichaelL1930
Copper Contributor
Aug 19, 2024

"Open Wi-Fi Connection on one endpoint" - network name is "hidden for privacy"?

Background:  We have Defender for Endpoint, and Intune installed on our corporate Android devices.

 

I'm not sure what changed recently but we are now getting tons of alerts everyday for Open Wi-Fi Connection on one endpoint. When I go in to investigate further every alert says:
Device ID : <<unique ID>> connected to an open Wi-Fi network : hidden for privacy

Is there any way to see what the actual network connected to is, to determine if this is a risk or if it is just needs user education?

incident management
investigation
microsoft defender for endpoint

4 Replies

  • smaug_ca1520's avatar
    smaug_ca1520
    Copper Contributor
    Dec 12, 2024

    MichaelL1930I am still getting these for a single connection on an Android device. I have worked with the individual who has this device. They are in a house that is physically far from other buildings and there is no other wifi around. The device is connected to the home wi-fi and it is NOT open. It is WPA2. I think these are false positives and I have no idea why they do not tell us the wi-fi network and substitute _hidden for privacy_  in the alert message in security.microsoft.com portal.
    One thing to take into account, this alert is flagged (preview) so I guess there are still bugs to work out. Have you opened a case with Microsoft to investigate?

  • oscarsmith-oskarsson's avatar
    oscarsmith-oskarsson
    Copper Contributor
    Nov 27, 2024

    I have the same, and have spend some time to understand the warning, but no success.
    Whould be intresting if there are more info someware

     

  • marknabors's avatar
    marknabors
    Copper Contributor
    Sep 25, 2024

    MichaelL1930 

     

    Hello, I'm receiving this error message in Defender for an iPhone endpoint.  Not sure how to address this issue on the endpoint.  The Microsoft Defender portal offers no direction for containment or remediation.  Can anyone offer a suggestion for how to address this issue?  

    • smaug_ca1520's avatar
      smaug_ca1520
      Copper Contributor
      Oct 05, 2024

      marknabors If the device is something your company owns, you could contact the person to investigate further. It would be a good Idea to help them protect themselves. 

      I am looking at the same thing myself. It would be nice to have Intune flag the device as non-compliant, then you could block non-compliant devices using EntraID conditional access policies to not allow logins from non-compliant devices.

      Have not figured that part out yet. If anyone else has a method to block devices using open wifi that would be helpful.